Standardising Confidential Computing

11 September 2023

Trusted Execution Environments have been around for a while now and keep evolving. As support for confidential computing is included in more commodity platform, standardising this approach is becoming increasingly important to accelerate updake. This is part one of a series of blog posts covering standardisation of confidential computing.

What is Confidential Computing?

Some of you already know what Confidential Computing is and are just curious to learn more about standardisation. In this case just jump over to the next section. Otherwise you might be curious what is this all about and also why standardisation is important. You can learn more from our earlier blog post, check out the article in Wikipedia or reach out to us to learn more.

Why standardise confidential computing?

Just as with many (most?) new technologies, there is more than one way to achieve the same objective. On an abstract level, the goal of confidential computing is to protect data in use (among with other ancillary goals). However, even with a 3-word goal there is plenty of room for interpretation. What exactly is data in use? What is a sufficient level of protection? How should legacy applications be supported (or not)? Each technology vendor will answer these questions in their own way and produce a solution that differs from their competitor. Case in point is the variety of solution architectures between AMD SEV-SNP, ARM CCM, Intel SGX and Intel TDX. We compared these architectures in earlier blog posts and research paperIt would be naive to expect that standardising confidential computing will lead all vendors towards the same solution. As Andrew Tannenbaum once said:

“The nice thing about standards is that you have so many to choose from; furthermore, if you do not like any of them, you can just wait for next year’s model.”

Nonetheless, standardisation is a way to align the solutions and make them interoperable, at least to a certain degree and on a certain level. It is a lengthy process that might look like “bikeshedding” to outsiders. On the other hand, it helps bring adoption much closer: enterprises prefer to choose a technology when the dust has settled rather than betting on wildcard solutions.

Where is the standardisation of confidential computing being done?

Figuring out the scope of confidential computing standardisation is easier said then done. To keep things simple, I consider three standardisation bodies: The Internet Engineering Task Force (IETF),  European Telecommunication Standards Institution (ETSI) and the Confidential Computing Consortium (CCC). Below I briefly introduce each of these organisations and their activities relevant to the standardisation of confidential computing. Future parts of this blog post series will cover each of them in more detail.


The IETF has defined a large part of the protocols that power the Internet. These protocols enable you to read this blog by reaching the website of CanaryBit and access the post through an encrypted communication channel using a technology called Transport Layer Security.  Standardisation of concepts and technologies related to confidential computing is mainly done in two work groups:

  • The Remote Attestation ProcedureS (RATS) work group.
  • Trusted Execution Environment Platform (TEEP) work group.

Obviously, confidential computing does not exist or work in a vacuum, so many other work groups are related in one way or another. However, they are only tangental to this topic.


ETSI is a member organisation founded in 1988 supporting development, ratification and testing of globally applicable standards for ICT-enabled systems, applications and services. The technical body that is relevant to confidential computing standardisation within ETSI is NFV-SEC. In one of the upcoming blog posts I will review the latest version of the NFV-SEC work item and what it brings to confidential computing standardisation.

Confidential Computing Consortium (CCC)

Last in this list is the Confidential Computing Consortium, the most recently founded out of the three. The CCC is an industry association and as such might not (yet) be widely recognised as standardisation body. However, it is entirely focused on this topic with work groups contributing both technical implementations, governance guidelines and market analysis. I will review the work done within the CCC in part 4 of this series.

Other standardisation bodies

There are other standardisation bodies  or industry alliances that I did not include in the above list. For example, the Trusted Computing Group, the Cloud Security Alliance or the FIDO alliance. In case you consider that this should be corrected, feedback is welcome.

Next up

In the following posts in this series, I will dive deeper into work on standardising confidential computing done within IETF, ETSI and CCC, as well as CanaryBit’s contributions to that. In the meantime, if you want to know more about this technology or get tools to trust (and verify) your workloads just reach out to us though the contact form.

Get Started!

Explore how Confidential Cloud helps to secure your cloud infrastructure, protect your data from any AI workload and in turn, enable new business.



Preparing for DORA – a new challenge for financial entities

Preparing for DORA – a new challenge for financial entities

Preparations underway The Digital Operational Resilience Act (DORA), establishes the European Union’s new regulatory framework for the management of digital risks in financial markets. You can get a PDF of the regulation from the EU commission website. It entered into...

Enhancing the circularity of electric vehicle batteries

Enhancing the circularity of electric vehicle batteries

REmanufacture, REcycle, REuse and REduce: Mälardalen University is addressing these four main aspects of Circular Economy in a new project enabling circularity of electric batteries. It runs the project in close collaboration with the Swedish industry. The Circul8...

CanaryBit supports Mobility industry leaders

CanaryBit supports Mobility industry leaders

CanaryBit is one of the eight startups selected for batch 10 of the MobilityXlab programme. The programme aims to co-create solutions with seven mobility industry leaders: CEVT, Ericsson, Polestar, Veoneer, Volvo Cars, Volvo Group, and Zenseact. The competition was...